Building Your House on Sand - BayThreat 2012
from Brett Hardin
Your web application is an amalgamation of different software: proprietary code, open source libraries, and snippets from Stack Exchange are mashed together. Yet secure code review typically looks only at the custom code. What about the 85% of the code base that comes from open source? As an organization, how can you stay aware of patches to your third-party library code?